[Technology] Security Think Tank: Combine technology and communication to combat phishing ris

很绝美很感慨 posted on 2016-10-7 00:52:24

   At a recent Black Hat conference in the US, nearly half the delegates who were polled about phishing scams said they were not confident their company’s executives could spot one. So, dear reader, how confident are you that your senior managers could spot a phishing scam?
  There are a number of technologies available to help deal with email-borne scams. It’s fair to say none of them are 100% effective and some scam emails will get through. This puts a reliance on the email recipient to handle the scam email in the most appropriate way, and this is where training and education for the user come in. So what are the most effective techniques today?
  Businesses with their own email server or system can heavily reduce the volume of scam or phishing emails getting through to user inboxes by using an email scanning system typically placed in front of an email server. This could be a cloud-based service, such as Message Labs, AVG Cloud Care or Symantec Email Security.cloud, or an in-house system, such as Mail Scanner, Sophos XG Firewall or GFI Mail Essential.
  Our experience is that some of the cloud-based services do let through some spam emails that would typically be caught by an on-site engine. For many organisations, a cloud-based service is a good first choice for technical control, as it does not rely on the organisation having to maintain the system. Some cloud-based services can be configured to allow individual user access to review and control any quarantined emails against their own email address – for example, delete, release or block – and thus the pressure on in-house support staff is reduced.
  Individuals and businesses that buy their email service from a second or third party – for example, their internet service provider, Microsoft 365, Google and other internet-based hosting companies – should look to ensure the email service is supplied with comprehensive email protection such as spam or phishing protection, or antivirus software.
  The value of PC-based email protection is questionable. It may well provide a long stop, but the antivirus product running on the PC should provide protection without needing to be integrated with the email product. Microsoft discussed this back in 2008 in relation to Outlook Express.
  On spam detection, PC-based products are useful where there is no front-end protection, such as at ISP level, but they will rely on being fully maintained, up-to-date and typically won’t be as good as a cloud-based service. However, many of the products available for the PC provide a complete suite of facilities, including antivirus, URL checking and spam filtering, and are still a valuable additional technical control.
  With the technical controls in place, you need to train and educate users on spotting emails with malicious intent, as well as knowing what to do should something go wrong. Remember that such an exercise is not a one-off. It must be supported and reinforced on an ongoing basis.
  The message in any training and education is that failure will typically lead to potentially significant financial loss. In early 2016, our company helped a mid-sized company, with about £3m in turnover, that was hit with ransomware. In this case, an email from an unknown supplier with a PDF invoice was opened. It took two days and approximately 60 resource hours to fully recover the IT and data. The overall cost ran into thousands of pounds.
  The message of not opening emails from unknown sources, or unexpected emails or attachments, is key, but those messages must be reinforced by identifying the potential for financial loss or potential PR disaster. These are messages that senior managers and board directors can understand, because they generally won’t understand technical gobbledygook.
  Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.

ckqvr posted on 2016-10-7 00:59:40
After grabbing oranges and robbing the bank, now I'm here to grab the sofa!

い明 媚 posted on 2016-10-7 01:00:03
Saving a spot in support.

alvin285 posted on 2016-10-7 01:00:44
Been following all along.

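美麗的邂逅∮ posted on 2016-10-7 01:14:55
I'm just here to have a look; there are still too many threads in this world that need me. I wish the original poster an answer soon.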

廖晶 posted on 2016-10-7 01:16:53
Original poster, find a way to make our thread take off...

mumuworld posted on 2016-10-7 04:09:30
The original poster has become an immortal; if you need something, please draw a fortune stick!

263262 posted on 2016-10-7 12:08:03
The original poster's thread isn't great; I'll grudgingly give it a reply.

jt5d posted on 2016-10-12 20:34:33
Never give a friend who has betrayed you a second chance to betray you.

865569680 posted on 2016-11-11 08:00:24
Sleep is an art: no one can stop me from pursuing art!
